This article is for people who want more online privacy and security. If you are in a hurry to find your distro, skip ahead to “How to Choose Your Best Linux Privacy Distro.”
Why is Linux better than Windows or macOS?
Independent security experts favor Linux over either Windows or macOS, explaining all the reasons why is an article in itself. We’ll touch on two of the big reasons most pros favor Linux over Windows and macOS, then zoom in on Linux distros.
Two of the biggest reasons experts say Linux is more secure than Windows or macOS are that Linux:
- Is Built on Open Source Software
- Is a “Small” Target for Hackers
Linux is Built on Open Source Software
The code that Linux is built on is open-source software. That means anyone can read or modify the code. While that may sound like a privacy nightmare, it is actually the opposite. Independent programmers from all over the world work on Linux code. That makes it almost impossible for a bad actor to add malicious code to Linux without someone seeing it.
Contrast this to proprietary operating systems like Windows or macOS. The proprietary source code is controlled by the company and hidden from outsiders. If you use a proprietary operating system, you have to trust the company. Will they ensure that no malicious code gets added by outsiders? Will they add malicious code themselves?
Windows 10, for example, has code in it that records all sorts of information about how you use your computer. Microsoft inserted this code intentionally to gather this information for their own use. In the Linux world, a small army of programmers guards the source code against this kind of behavior.
Linux is a “Small” Target for Hackers
According to Statistica, in 2017, there were over 1.3 billion users of Microsoft Windows in the world. They also stated there were over 170 million users of MacOS 10.
What about Linux? Around 28 million users. In other words:
- There are about six times as many MacOS users as Linux users.
- There are almost 50 times as many Windows users as there are Linux users.
If you were a hacker, which target would you choose? The 1.3 billion Windows users or the 28 million Linux users?
Social Engineering May Be the Biggest Threat of All
While the operating system you use is important to your online privacy, social engineering might be an even bigger threat than some piece of malicious software.
“The key to social engineering is influencing a person to do something that allows the hacker to gain access to information or your network.” – Kevin Mitnick, Internet security expert and “world’s most famous hacker.”
Bad guys of all types use social engineering techniques to get around the protections built into your operating system. They take advantage of your trusting nature or curiosity to trick you into giving them the information they want.
See this article to learn about various social engineering attacks and how you can protect yourself from them.
Okay, so what exactly is Linux?
We’ve been talking about Linux and how it differs from Windows and macOS. But we haven’t said exactly what Linux is. Let’s do that now.
Linux is a family of free and open-source operating systems. It is based on core software called the Linux Kernel. Because the Kernel is free and open-source, anyone can use it to create their own version of Linux. When someone bundles together the Kernel and the rest of the software to make a fully functional operating system, it is called a Linux Distribution, or Linux Distro.
Developers have created hundreds of Linux Distros for a wide range of purposes. Some can replace Windows and macOS on the typical user’s desktop computers. Others run everything from the print server in your office to the most powerful supercomputers. Even the Android operating system running your smartphone is based on Linux.
While it is cool that Linux is used in so many places, that doesn’t help us much right now. So for the rest of this article, we’ll concentrate on Linux Distros that run on personal computers and are used for typical personal activities. We’ll ignore the versions running on smartphones, supercomputers, and other places.
Pros and Cons of Moving to Linux from Windows or macOS
|Most Linux Distros are free.||Support can be limited/disorganized.|
|Linux is considered more secure.||Most of the world runs Windows or macOS.|
|There is a Linux Distro for virtually any use case.||The most popular software runs on Windows.|
|There are free and open-source programs that work like most popular Windows programs.|
|Less malware is written for Linux.|
|Linux Distros are usually faster/more efficient.|
How to Choose Your Best Linux Privacy Distro
Choosing the best privacy distro is a personal thing. Perfect privacy is impossible to guarantee. And the greater the privacy you want, the more tradeoffs you will need to make.
In an ideal world, all our Personally Identifiable Information (PII) would be private. We would control who gets to see our information. The same goes for records of what we do and where we go when online.
Instead, all sorts of groups are trying to get their hands on this information for their own uses. You have to decide how much online privacy you need and how much you are willing to sacrifice to get that privacy.
The most popular operating systems and programs usually have the weakest privacy protections. But they also work with the most websites and have the most support. This makes them ideal targets for the bad guys.
Worse, the makers of these operating systems and programs often want your PII for their own uses. Remember the uproar when people saw what data Windows 10 collects about its users?
Moving to a Linux Distro eliminates many privacy and security problems. That said, every distro has its strengths and weaknesses. Read on to learn about several popular Linux Distros and the kind of privacy they give you.
Regular Linux Distros for Basic Privacy
If you use Windows or macOS, you can boost your privacy simply by moving to Linux. In this section, we’ll look at the privacy strengths and weaknesses of three popular Linux Distros.
Ubuntu is the most popular desktop Linux Distro. It is supported by a company called Canonical Ltd. Canonical funds development of Ubuntu with money earned, providing Ubuntu support to businesses. Unfortunately, Ubuntu has a spotty record when it comes to user privacy.
In 2012, Ubuntu recorded what users searched for in the files on their computers. It then sent that information to Canonical. Canonical used the information to run targeted Amazon ads on the user’s computer.
This prompted Richard Stallman, President of the Free Software Foundation, to call for the free software community to shun Ubuntu for spying on its users. Canonical eventually disabled this monitoring after much public pressure.
In 2018 Ubuntu began collecting a range of data from user’s computers and sending it back to Canonical. They say the data is anonymized, but the fact that they began collecting the data upset a lot of people. So did the way they set things up. New installations of Ubuntu 18.04 were set up to collect and send the data. Users should have to opt into giving up their data, not opt-out of Canonical taking it automatically.
Given this history, we recommend you look at other Linux distros if you value your privacy.
Linux Mint is perhaps the version of Linux that Windows users will find easiest to adjust to. In particular, Linux Mint Cinnamon looks and feels much like Windows 7 did.
But what about privacy? This could have been a problem since Linux Mint is built on Ubuntu code. However, in their April 2018 newsletter, the Linux Mint team announced, “Ubuntu ships with “ubuntu-report,” which collects metrics and usage data. This package won’t be present in Linux Mint, and no data will be collected or sent.”
While Linux Mint doesn’t have the potential privacy issues that Ubuntu does, it certainly doesn’t provide the ultimate in privacy protection. Among other things, while it comes with all open-source software by default, Linux Mint does allow you to install proprietary video drivers and other software. This increases the risks to your privacy.
Linux Mint also uses unencrypted, non-anonymized connections to the Internet by default. This gives you the maximum in compatibility with websites and other online resources. But it leaves you exposed to all sorts of snooping unless you install and correctly configure tools like a VPN of Tor.
But if you are looking for a more private open-source operating system that’s easy to switch over to from Windows, Linux Mint could be a good option. One of our team has been using Linux Mint for several years now on multiple computers and remembers the switchover from Windows 7 as being very easy.
Debian is a Linux Distro that offers significant privacy improvements over Ubuntu or Linux Mint. But those improvements come at the price of some compatibility issues. Debian does not support any proprietary drivers or other components. This means that some popular commercial software won’t run on Debian.
On the other hand, the Debian community has created open source replacements for most any proprietary product you might need. As we said, there is some tradeoff of convenience for privacy.
Debian ships with Firefox-ESR (Extended Support Release) as its web browser. The personal version of Firefox ships with Ubuntu and Linux Mint. Firefox-ESR doesn’t include some of the privacy-threatening features that the personal version has. This makes the ESR version safer, but it may not work with some websites.
Emphasizing the Debian focus on user security and privacy, the team maintains a very detailed,
“step-by-step guide for setting up a personal computer with Debian from scratch to a fully configured system with high security, usability, convenience, and privacy protection.”
This SecurePersonalComputer guide is designed to help you go as far as you wish in securing your system from basic installation to advanced topics like:
- Installing the OpenVPN client and using it with a commercial VPN service
- Hardening the Linux Kernel against attacks
- Installing an Intrusion Detection System and Security Auditing Tools
- Installing Electrum, a free and open-source Bitcoin wallet
If you are looking for solid privacy and are willing to put up with some inconvenience and incompatibilities with the latest and greatest stuff on the Internet, Debian could be the Linux Privacy Distro for you.
Specialized Linux Distros for Privacy, Anonymity, and Security
The following three Linux Distros are specialized ones for people with more serious privacy needs.
Tails (The Amnesic Incognito Live System) is a Linux Distro designed to keep you anonymously and safe while online. So what’s with the crazy name? It will actually make sense if we look at each piece in reverse order:
- Live System – A live system is an operating system that can runs from a USB Stick or DVD without being installed on the computer where it is running. A live system is also sometimes called a live OS.
- Incognito – Tails uses the anonymous Tor network to connect to the Internet. Only the most powerful adversaries have the money and tech to defeat the Tor network. That means Tails can travel the Internet “incognito.”
- Amnesic – Tails does not leave any traces of its presence on the computer you are using. Not only that, but by design, Tails itself doesn’t remember anything either. All the data from your current session in Tails is in the RAM of the computer you are using. As soon as you power down the computer, everything is forgotten, making Tails “amnesic.”
Just from decoding the name, we can see that Tails is off to a good start when it comes to protecting your privacy. Beyond those in its name, Tails has these additional privacy features:
- Tails are based on Debian, itself a strong privacy distro.
- Tails comes with state of the art encryption tech built-in, including PGP and OTR support, automatic HTTPS, the KeePassX password manager, and much more.
With all this built-in privacy and anonymity in a mobile, use-anywhere package, Tails far surpasses distros like Linux Mint and even Debian. In case you’re still not convinced that this is a powerful Linux Privacy Distro, you should know that Edward Snowden used Tails to keep himself safe when he was passing NSA secrets to reporters a few years ago.
This doesn’t mean that Tails is foolproof. Researchers find security issues in Tails from time to time. The Tails team fixes them, of course, but there is no guarantee that all the possible issues have been found and fixed.
How safe you are when using Tails (or any other privacy distro) depends in part upon who wants you, and how badly they want you. If you want to protect yourself from a typical threat (you ex’s lawyer perhaps), Tails is likely more than sufficient.
But if you want to protect yourself from a global adversary (like the NSA) who wants you really badly, it isn’t clear that Tails is sufficient to save you. To help you understand the risks, the Tails team has a page dedicated to warnings.
To summarize, if you need robust privacy protection, and you’re not being pursued by the NSA, the 5 Eyes, or some other gigantic adversary with a global reach, Tails could be your answer.
While you are running a live system like Tails, it is the only operating system running on your computer. You don’t have to worry about the security of the operating system and programs that usually run on the computer.
At the same time, running from a live system has drawbacks. You are limited to the software that comes with the live system. This software is designed to give you privacy but usually doesn’t include the latest features and technologies.
Normally, a live system like Tails won’t even keep data from session to session (remember the Amnesic part of the name). Setting up a Persistent Storage partition gives Tails the ability to remember data from session to session, but introduces its own security vulnerabilities.
Whonix isn’t a live system. It typically runs as two VirtualBox virtual machines (VMs) on top of the computer’s normal operating system. It relies on the VirtualBox virtualization program to keep the software running in Whonix isolated from the rest of the software on the computer.
Like Tails, Whonix is based on a modified version of Debian.
Whonix protects you by dividing communications and your workspace between the VMs. Whonix-Gateway is the communications part of the system. It uses the Tor network to handle all connections with the outside world. The other VM is called Whonix-Workstation. This VM comes with common applications that are installed and configured and ready to run. You do all your work within the Workstation VM.
Because it uses VirtualBox VMs, Whonix can run on the vast majority of computers. You can work in the secure Whonix Workstation and still use the computer normally. This is convenient but dangerous.
Have you ever accidentally typed in the wrong window on your computer? Imagine doing this on a computer running Whonix. Only the software running in the Workstation VM is secure. The software outside Whonix is just as vulnerable to spyware, keyloggers, and other spying as ever.
And remember, any programs using the Whonix Gateway communicate through Tor. But programs running outside Whonix do not. Your ISP and anyone else who happens to be monitoring your computer will be able to see these communications.
We think Whonix by itself is risky due to running on the (probably insecure) regular operating system of the computer you use it on. However, there is a pretty elegant solution to this problem. We’ll tell you about it shortly. But before we do, we need to talk about Qubes.
With much of the Western security apparatus (spy agencies) out to get him, Edward Snowden is one guy who has to stay on top of Internet privacy and security. As you just saw, Snowden used Tails when he was first leaking information from the NSA.
But Edward Snowden has stopped using Tails and now relies on the Qubes OS. While the Qubes team bills their product as “a reasonably secure operating system,” Snowden and other experts take it much further:
Qubes protect you using the “Security by Isolation” approach. Using Qubes, you define security domains, each of which runs in a virtual machine. This lets you isolate programs and even components of Qubes from each other. Things running in one security domain can’t affect things running in other domains.
Say you use a normal computer for personal banking. But you also use it to visit dodgy websites sometimes. If something on one of those dodgy websites manages to compromise your computer system, everything on it, including your banking information, is at risk.
What if you were running Qubes? You would likely have one security domain for banking, and another for visiting those dodgy websites. Now, if something from one of those sites compromises your computer system, it can only touch things in the same security domain. Your banking information stays safe.
To make this all happen, Qubes replaces your old operating system with the Xen hypervisor. The Xen open source, type-1 hypervisor runs on bare metal. In other words, it runs directly on your computer’s hardware.
Because Xen doesn’t run on top of Windows or some other operating system, it is fast and efficient. It also eliminates the risk that the underlying operating system might be compromised (since there is no underlying operating system).
As far as each security domain virtual machine (called an AppVM in Qubes documentation) can tell, it is its own separate operating system. Most AppVMs run Linux, but there is support for Windows AppVMs too. Qubes provides tools for securely passing data from one domain to the other.
As you can see, Qubes is quite a step up in complexity from even Tails or Whonix. At the same time, Qubes itself doesn’t provide anonymity or privacy. To add these capabilities, people sometimes run Whonix inside of Qubes or Tails inside of Qubes.
If high-end privacy protection is what you need, and you are willing to make a radical shift in your computing environment, Qubes could be your answer.
How much privacy do you really need?
Choosing the best Linux Distro for your own privacy is a balancing act. Each of the Distros we’ve looked at here offers a different balance of privacy vs. convenience.
We suggest you start by picking the Linux Privacy Distro that looks like the best fit for you. Read the detailed review you’ll find on this site or dive right in and test it out for yourself.
There are some specific hardware issues with Qubes, unfortunately, for example when it comes to using nVidia graphics cards. And what is the hidden MINIX-Based ME in Intel chips doing before Qubes boots (and during its operation)?
Intel chips are made in Israel and are all backdoored by the Talpiot program. The problem is that every other chipset is the same whether AMD, Freescale, ARM etc. Talpiot is the daddy of spying
This app works really well 👍